Summary:This article describes the Active Directory topologies that are supported for synchronization with the Enterprise Resource Pool in Project Server 2013.

When planning to synchronize your users from Active Directory groups to resources in your Project Web App Enterprise Resource Pool in Project Server 2013, it is important to understand that only certain Active Directory topologies are supported. This article describes the following topologies:

The following topologies are supported when synchronizing your users and groups from Active Directory to your Enterprise Resource Pool for your Project Web App instance in Project Server 2013. Note that some topologies will require you to install the Project Server 2013 March 12 2013 Cumulative Update to your Project Server 2013 environment in order to be supported.

In the single domain topology, Active Directory and Project Server 2013 servers all reside in the same domain. This is the simplest of topologies for Active Directory synchronization to your Enterprise Resource Pool or security groups, since this topology does not require the configuration of trusts between domains.

This topology is not supported for Active Directory synchronization with the RTM build of Project Server 2013. It is only supported by installing the Project Server 2013 March 12, 2013 Cumulative Update to your Project Server 2013 environment.

In this single forest topology, a child domain is created off of the parent domain. By default, the relationship between the child and parent domain is automatically two-way and transitive. This relationship ensures that users in the corp.contoso.com domain can be synchronized with the Project Server 2013 Enterprise Resource Pool in usa.corp.contoso.com. Additionally, if you created another child domain off of the usa.corp.contoso.com domain and host an Active Directory there, its users and groups would be able to be resolved by Project Server 2013 hosted in any other domain in the same tree.

This topology is not supported for Active Directory synchronization with the RTM build of Project Server 2013. It is only supported by installing the Project Server 2013 March 12, 2013 Cumulative Update to your Project Server 2013 environment.

In this single forest topology, when you create a new domain within an existing forest, you create a tree root trust between the new domain and the rest of the forest. By default, this relationship ensures that users in a domain in the tree (for example, usa.corp.contoso.com) can be synchronized to the Project Server 2013 Enterprise Resource Pool if it resided in the new domain (for example, corp.litware.com). Tree-root trusts are always two-way and transitive, so the synchronization could also occur successfully if the Project Server 2013 Enterprise Resource Pool resided in usa.corp.contoso.com, and the Active Directory users resided in the corp.litware.com domain.

In this topology above, Project Server 2013 trusts the Active Directory domain through its own root trust with the forest root domain, and then through the parent—child trust between the forest root domain and the domain that contains the Active Directory.

This topology is not supported for Active Directory synchronization with the RTM build of Project Server 2013. It is only supported by installing the Project Server 2013 March 12, 2013 Cumulative Update to your Project Server 2013 environment.

In this multi-forest topology, two forests exist in which Project Server 2013 resides in one forest, and the Active Directory users reside in another. A forest trust needs to be created between forest root domains for each forest in order for the Project Server 2013 Enterprise Resource Pool to successfully synchronize with Active Directory groups and user in the other forest. Forest trusts are transitive, so any domain within one forest will trust any domain within the other forest. You are not required to setup individual trusts, although if your topology is complex you may need to set up some shortcut trusts. For more information about creating a shortcut trust, see Create a shortcut trust.

In the topology graphic above, a forest trust is established between the Contoso and Fabrikam forests. The domain in which Project Server 2013 resides (corp.litware.com) and the domain containing the Active Directory users (usa.corp.fabrikam.com) trust each other because of the transitivity of the forest trust. This trust can be configured to be either one-way or two-way.

This topology is not supported for Active Directory synchronization with the RTM build of Project Server 2013. It is only supported by installing the Project Server 2013 March 12, 2013 Cumulative Update to your Project Server 2013 environment.

In this multi-forest topology, you allow synchronization with users in a different forest by creating an external trust between the domain hosting Project Server 2013 and the domain hosting the Active Directory. This is useful if you need to synchronize users who reside in only a single domain, but not the whole forest.

In the topology graphic above, Project Server 2013 can synchronize with groups and users in the usa.corp.fabrikam.com domain. Since an external trust is non-transitive, Project Server 2013 will not be able to synchronize with groups or users from any other domain in the Fabrikam forest.